Airport Raids Target Fraudsters

A massive international operation has resulted in the arrest of 118 people - many at airports - on suspicion of using fake tickets, or using stolen card data to purchase airline tickets. Officials say the arrests resulted from a new big data capability that combines relevant information from law enforcement databases, payment card industry records and airline ticketing systems, which for the first time allows police to better pinpoint airline ticket fraudsters.

Law enforcement agencies from 45 different countries participated in the operation, as did 60 airlines and 80 airports, as well as credit card companies American Express, MasterCard, Visa and Visa Europe, which helped identify suspicious airline ticket transactions. The effort was coordinated by the European Cybercrime Center, or EC3, at Europol - the EU law enforcement agency that handles criminal intelligence - together with Ameripol and Interpol, which respectively coordinate transnational criminal investigations across the Americas and globally.

The airline industry reports that ticket-related fraud costs airlines $1 billion per year. "Fraudsters are costing the airline industry significant amounts of money," says Aleks Popovich, who heads financial and distribution services for the International Air Transport Association. "But above all, the IATA airline members do not want to transport criminals and thus facilitate their illicit activities."

Europol says airline ticket fraud is often perpetrated by criminal enterprises who are also engaged in such activities as drug-running or human trafficking.

"Particularly in South America, where there's been a lot of drug crime - they also have a lot of their own cybercriminals - they've been able to operate not with impunity, but they've certainly had it quite easy in the past," says Alan Woodward, a visiting computing professor at the University of Surrey.

The arrests are not meant to demonstrate some new type of crime-fighting technology, he says, but rather new levels of coordination and cooperation between airlines, banks and law enforcement agencies. "It's a bit of the ultimate use of big data for criminal detection," says Woodward, who also serves as a cybercrime advisor to Europol, but notes that he was not involved in this operation. "If you join together the big-data dots - which is what Europol and Interpol have been doing - between the credit card companies, the airlines and spotting funny transactions, linking the two together, and just waiting for the person to turn up at the gate," he says, then police or airport security staff can simply arrest them.

Airlines Seek Fraud Crackdown

The new effort has been strongly backed by the airline industry. "Airlines are fighting credit card fraud on their ticket sales on [a] daily basis. It is clear to the airlines that they are up against organized crime in this fight," says Meta Backman, a security advisor for Finnair who also chairs the European Airlines Fraud Prevention group. "Airlines are depending on card-issuing banks to obtain confirmation of fraudulent use of credit cards. Without confirmation, airlines cannot report the crime to law enforcement."

European officials say dismantling ticket fraud also helps combat more large-scale organized crime activities. "Cybercrime is becoming a 'service' that organized crime groups buy and use, so we have to be ready and boost the capacity of our law enforcement agencies to act effectively," says Dimitris Avramopoulos, European Commissioner for Migration, Home Affairs and Citizenship.

"Europol's EC3 will continue to invest heavily in conducting similar operations and other activities that will make life harder for cybercriminals," says Europol director Rob Wainwright.

Months of Planning

The arrests of 118 people were made on Nov. 26 and Nov. 27, as part of a two-day demonstration of the new anti-ticket-fraud capabilities. Europol's EC3, which coordinated the effort, says months of planning were involved - bringing together law enforcement agencies, prosecutors, border-control agencies, airlines, and credit card companies. Europol says this isn't meant to be a temporary show of force, but rather a demonstration of what is now a new, regularly available capability.

This week's announcement also highlights the ease with which criminal rings appear to have been using fraudulently purchased - or fake - tickets for airline travel. "You would hope that it would be a risky endeavor - getting on an airline with a ticket that you bought with a stolen credit card," says Europol advisor Woodward. "But the trouble is, the information systems in the world are not that joined up. So sometimes it's quite easy to buy or get fake tickets or actually use stolen credit cards to buy tickets. What this is doing is showing that now ... they can join up all the dots, and people just can't get away with it."

Criminals "buying" airlines tickets using online fraud have had a few knocks at the door in the past 48 hours https://t.co/cHaorY6Pj8

First Stop: Money Mules

But the type of people in a gang who would typically be using fraudulent airline tickets are likely the low-level players, meaning that this week's arrests probably snared few, if any, criminal masterminds. "These are big, organized criminal gangs doing drug-running or something like that. It's a risky business being a drug mule anyway, so why not give them a fake ticket or buy it on a stolen credit card, because that hasn't proven a problem in the past," Woodward says. "So in some ways a lot of these arrests are people who the criminal gangs were kind of willing to sacrifice. But at the same time, law enforcement now have the end of the thread ... and they're slowly starting to reel the big fish in."

About the Author

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Operation Success!

Risk Management Framework: Learn from NIST

From heightened risks to increased regulations, senior leaders at all levels are pressured to
improve their organizations' risk management capabilities. But no one is showing them how -
until now.

Learn the fundamentals of developing a risk management program from the man who wrote the book
on the topic: Ron Ross, computer scientist for the National Institute of Standards and
Technology. In an exclusive presentation, Ross, lead author of NIST Special Publication 800-37
- the bible of risk assessment and management - will share his unique insights on how to:

Understand the current cyber threats to all public and private sector organizations;

Develop a multi-tiered risk management approach built upon governance, processes and
information systems;

Enter your email address to reset your password

Already have anISMG account?

Forgot Your Password Message:

Contact Us

Already have anISMG account?

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.